# Contributor: Michael Pirogov <vbnet.ru@gmail.com>
# Contributor: Stuart Cardall <developer at it-offshore dot co.uk>
# Maintainer: Steve McMaster <code@mcmaster.io>
pkgname=suricata
pkgver=6.0.5
pkgrel=0
pkgdesc="High performance Network IDS, IPS and Network Security Monitoring engine"
url="https://suricata-ids.org/"
# s390x lacks rust support, x86 segfault on build
arch="all !s390x !riscv64 !x86"
license="GPL-2.0-only"
makedepends="
	autoconf
	automake
	cargo
	file-dev
	geoip-dev
	hiredis-dev
	jansson-dev
	libcap-ng-dev
	libhtp-dev>=0.5.39
	libmaxminddb-dev
	libnetfilter_log-dev
	libnetfilter_queue-dev
	libnet-dev
	libnfnetlink-dev
	libpcap-dev
	libtool
	lz4-dev
	nspr-dev
	nss-dev
	pcre-dev
	rust
	yaml-dev
	"
depends="python3 py3-yaml"
subpackages="$pkgname-doc $pkgname-openrc"
install="$pkgname.post-install"
source="https://www.openinfosecfoundation.org/download/suricata-$pkgver.tar.gz
	$pkgname.confd
	$pkgname.initd
	$pkgname.logrotate
	10-nflog.patch
	"

# secfixes:
#   6.0.4-r0:
#    - CVE-2021-37592
#    - CVE-2021-45098
#   6.0.3-r0:
#    - CVE-2021-35063

case "$CARCH" in
	x86|x86_64|aarch64)
		_lua="--enable-luajit"
		makedepends="$makedepends luajit-dev vectorscan-dev" ;;
	ppc64le)
		# ppc64le has missing symbols with luajit and lua
		_lua="" ;;
	*)
		_lua="--enable-luajit"
		makedepends="$makedepends luajit-dev" ;;
esac

prepare() {
	default_prepare
	autoreconf -vif
}

build() {
	HAVE_PYTHON=/usr/bin/python3 ./configure \
		--build=$CBUILD \
		--host=$CHOST \
		--prefix=/usr \
		--sysconfdir=/etc \
		--mandir=/usr/share/man \
		--localstatedir=/var \
		--enable-non-bundled-htp \
		--enable-nflog \
		--enable-nfqueue \
		--disable-gccmarch-native \
		--enable-hiredis \
		--enable-geoip \
		--enable-gccprotect \
		--enable-pie \
		"$_lua" \
		--enable-rust
	make
}

check() {
	make check
}

package() {
	make DESTDIR="$pkgdir" install
	make DESTDIR="$pkgdir" install-conf

	cd "$srcdir"
	install -D -m 755 $pkgname.initd "$pkgdir"/etc/init.d/$pkgname
	install -D -m 644 $pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
	install -D -m 644 $pkgname.logrotate "$pkgdir"/etc/logrotate.d/$pkgname

	# install rules
	mkdir -p "$pkgdir"/etc/$pkgname/rules
	install -Dm644 "$builddir"/rules/*.rules "$pkgdir"/etc/$pkgname/rules/
}
sha512sums="
8b15a8756846faed4120eef75641a6595d06ec9282a934f4d740bba6d01f08b4e876bf6c53559ab571aba5fab70dcc70d891c82978d6b60ab86ab0ae9660368e  suricata-6.0.5.tar.gz
ed7c78a80192f3f3ed433330df323beccb6079b5413289b9e9faa3fceea2c536de93de7372968d8605abd1618d73c9319ee39d86b16eed22e7313c8667252f5d  suricata.confd
258c6d60fc878dc1c7b7bf93cc758080050f591084a1edf7f1aac81ccb523c73615716616fedd0269f9ac5ef2fa7adcb3e2cefd714754bac5571e9806b6781be  suricata.initd
4f76a35bcde78c9860701897fe19bb84cc46bbc429124c4cb2e94cf3330f00ebe8067c0d7f3f83478e9b95323adb947e5081658f455657c4d03c682abe707534  suricata.logrotate
e0e5a03c9b681bd1b5ac44b450ae896f32c99cd95a9247ad075b5a1428ae2c476d93abc449c20e43ae472edbc0b6a4f00b1b9b022a5eea7bb086fcc0accd42ed  10-nflog.patch
"
